Nat performance not great

**mehboob_urrehman** · 08-30-2009

Hi,

I tried using my linux box as a router that does MASQUERADE for the internal network,

it works but the performance is really poor, I am able to open a web page or two but then it stops, though I;m still able to ping,

I;ve also tried using SNAT and specified multiple outside ip address and port range of 1024 to 40000 but still the performance doesn't improve!

has anyone else run into a similar problem,, any suggestions ??

currently I'm doing it on ubuntu 9.10 2.6.31-6-generic

iptables v1.4.4

**Lazydog** · 08-31-2009

Many questions.

How large is the network that you are MASQ'ing?
How Old/New is the box hardware you are using for NAT?

**coopstah13** · 08-31-2009

I have a better question, why are you using an unreleased version of ubuntu for production?

**mehboob_urrehman** · 08-31-2009

well its not a production server, it just had ubuntu installed and the network also is not large , just one or two hosts..

my nat configuation was

iptables -t nat -A POSTROUTING -s 0.0.0.0/0 -j SNAT --to-source 172.16.1.1-172.16.1.7:1024-40000

and i also tried

iptables -t nat -A POSTROUTING -j MASQUERADE

**Lazydog** · 09-01-2009

How about you add an interface to that NAT rule? You don't want both ends being nat'ed do you, just the traffic leaving the network.

Code:

iptables -t nat -A POSTROUTING -o eth# -j MASQUERADE

Thread Tools

Display

Nat performance not great

Posting Permissions